{Compute} Bump version disks 2020-05-01, compute 2020-06-01, Double encryption of disk encryption set #14212
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Compute |
yungezz
approved these changes
Jul 4, 2020
|
Wait for Python SDK release. |
|
/azp run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
Closed
arrownj
reviewed
Jul 9, 2020
| @@ -934,6 +934,8 @@ def load_arguments(self, _): | |||
| c.argument('disk_encryption_set_name', disk_encryption_set_name) | |||
| c.argument('key_url', help='URL pointing to a key or secret in KeyVault.') | |||
| c.argument('source_vault', help='Name or ID of the KeyVault containing the key or secret.') | |||
| c.argument('encryption_type', arg_type=get_enum_type(['EncryptionAtRestWithPlatformKey', 'EncryptionAtRestWithCustomerKey', 'EncryptionAtRestWithPlatformAndCustomerKeys']), | |||
There was a problem hiding this comment.
Can we use the original enum type instead of hardcode the values ?
| # if encryption_type is not None: | ||
| # encryption = Encryption(type=encryption_type, disk_encryption_set_id=disk_encryption_set) | ||
| # else: | ||
| # encryption = None |
There was a problem hiding this comment.
If it's not used anymore, it's better to remove it directly.
arrownj
approved these changes
Jul 9, 2020
|
I will fix comments and a test failure in another PR. Let's merge version bump first to unblock others' work. |
zhoxing-ms
approved these changes
Jul 9, 2020
fengzhou-msft
approved these changes
Jul 9, 2020
houk-ms
approved these changes
Jul 9, 2020
jsntcy
approved these changes
Jul 9, 2020
mmyyrroonn
approved these changes
Jul 9, 2020
Juliehzl
approved these changes
Jul 9, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Resolve #14107
Double encryption at rest is the continuation of server-side encryption (SSE) at rest with customer managed keys (CMK) that we recently announced in GA for managed disks. SSE with CMK allows customers to encrypt the data stored on managed disks at rest with AES 256 encryption. High security sensitive customers who are concerned of the risk associated with any particular encryption algorithm, implementation , or key being compromised can now opt for additional layer of encryption using a different encryption algorithm/mode using platform managed encryption keys.
To enable two layers of encryption at rest for Managed Disks attached to VMs/VMSS, you must must create a DiskEncryptionSet with encryptionType set as EncryptionAtRestWithPlatformAndCustomerKeys and then associate the DiskEncryptionSet to managed disks.
Fix an API version issue of disk encryption set. We should set operation group explicitly!
Testing Guide
Then you can create disk, VM or VMSS with it.
History Notes
[Compute] Bump version disks 2020-05-01, compute 2020-06-01
[Compute] Double encryption of disk encryption set
This checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.